4.
Description
• Cache poisoning attacks target a specific DNS server, and
therefore only the users who use that DNS server
– This doesn’t fit the “get the most bang for the buck” approach of
typical hackers out for fame and glory
– BUT the attack can be very insidious, difficult to detect and
completely transparent to the victim
• These attacks occur infrequently, or are just not being
detected and reported.

15.
Impact
• Users depend on the answers from the DNS
being accurate and legitimate
• Cache poisoning can be used to create very realistic
phishing attacks that are more likely to succeed
because they appear to use real URLs.
– Users are more attuned to “strange” URLs now than
several years ago, but cache poisoning allows an
attacker to use a “normal” URL

17.
Mitigation & Response Strategies
• Know WHO to contact at the ISPs within your span
of control
• Know the procedures for flushing the DNS cache –
you may have to instruct operators how to do this!
• Information Sharing – if you’re the victim of an
attack – share the details of the attack within the
community – you may prevent someone else from
becoming a victim
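
As an added example (not part of the original slides), the sketch below compares a caching resolver's answers with a known-good baseline and lists per-name flush commands for the operator. The baseline, the sample answers and the choice of BIND 9 (`rndc flushname`) are assumptions made for illustration; a mismatch is a lead to investigate, since legitimate address changes also produce one.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation addresses), not from the slides.
# REFERENCE: addresses the zone owner is known to publish (assumed baseline).
REFERENCE = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "login.example.com": {"192.0.2.20"},
    "mail.example.com": {"192.0.2.30"},
}
# OBSERVED: answers returned by the caching resolver under review.
OBSERVED = {
    "www.example.com.": {"192.0.2.11"},                    # subset of baseline: fine
    "LOGIN.example.com": {"203.0.113.66"},                 # no overlap: suspect
    "mail.example.com": {"192.0.2.30", "198.51.100.9"},    # extra address: suspect
    "new.example.com": {"192.0.2.40"},                     # no baseline: skipped
}


def canon_name(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def canon_addrs(addrs):
    """Normalise textual IPv4/IPv6 addresses so equal addresses compare equal."""
    return {str(ipaddress.ip_address(a)) for a in addrs}


def find_suspect_names(observed, reference):
    """Map each name to the sorted addresses in its cached answer that the baseline lacks."""
    baseline = {canon_name(n): canon_addrs(a) for n, a in reference.items()}
    suspects = {}
    for name, addrs in observed.items():
        key = canon_name(name)
        if key not in baseline:
            continue  # nothing to compare against
        unexpected = canon_addrs(addrs) - baseline[key]
        if unexpected:
            suspects[key] = sorted(unexpected)
    return suspects


def flush_commands(suspects):
    """Per-name flush commands for a BIND 9 resolver (assumed resolver software)."""
    return [f"rndc flushname {name}" for name in sorted(suspects)]


if __name__ == "__main__":
    found = find_suspect_names(OBSERVED, REFERENCE)
    for name, addrs in found.items():
        print(f"{name}: unexpected {addrs}")
    print("\n".join(flush_commands(found)))
```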